[tor-project] Setup Worksheet

Fri Jan 8 20:38:12 UTC 2016

Hi, couple people were curious on irc about the setup instructions I
gave Shari so here they are. Might be interesting to have a 'getting
started' doc available for non-developers. On the other hand though we
don't bring new people on too often.

Cheers! -Damian

============================================================

---------------------------------------------------------------------------
1. Connect to IRC on Adium
---------------------------------------------------------------------------

Most important thing is getting you on irc! We want to make sure you're using
SSL to prevent trivial wire-tapping and registered with the Nick server.

To get started connect to OFTC's SSL endpoint...

  ircs://irc.oftc.net:6697

Pick a nickname you like, then run...

  /msg nickserv register [password] [email]

To claim your nick when you first connect you'll run...

  /msg nickserv identify [password]

Adium (and later Irssi) can do this for you automatically if configured to
do so.

At this point you should be on irc so lets get ya on the channels important
to you. There's only two...

  #tor-project - public organizational discussions
  #tor-internal - private internal channel, ask Damian for the password

Other tor channels are...

  #nottor - off-topic banter
  #tor - general tor user channel
  #tor-dev - tor development discussions

---------------------------------------------------------------------------
2. Set up OTR
---------------------------------------------------------------------------

Since we've got Adium up anyway lets look into setting up OTR. This provides
an encrypted method of chatting with others.

  https://adium.im/help/pgs/AdvancedFeatures-OTREncryption.html

The only real trick to OTR is communicating fingerprints with the people you
want to talk to. Usually this is done in person, via a shared secret ('what
did we talk about in person last week?'), or some other mechanism to ensure
the person on the other end is who you think it is. Once a fingerprint is
established it's remembered for next time.

---------------------------------------------------------------------------
3. Set up PGP
---------------------------------------------------------------------------

We'll step through the commandline instructions, but there's also GUIs
you'll likely find much easier to use...

  https://ssd.eff.org/en/module/how-use-pgp-mac-os-x

Making your key with a revocation certificate just in case it gets
compromised...

  % gpg --gen-key
  % gpg --output revoke.asc --gen-revoke [key]
  % gpg --keyserver pgp.mit.edu --send-key [key]

Sending an email to someone...

  % gpg -r 'atagar1 at gmail.com' -a --encrypt my_reply.txt
  % cat my_reply.txt.asc

  The thing you now see on your screen is an encrypted email only that
  recipient can decrypt.

Receiving an email...

  % gpg --decrypt my_message.txt.asc

Signing a document to prove it's from you...

  % gpg --clearsign my_reply.txt

Getting someone's key...

  Say you get a business card with a pgp fingerprint on it. You can add
  their key using the following, so you can send them encrypted messages...

  % gpg --recv-keys 68278CC5DD2D1E85C4E45AD90445B7AB9ABBEEC6

To give this a whirl lets request a tor ldap account. This will give you
a @torproject.org email address and, more importantly, access to some of
our infrastructure. This is needed so we can set up Irssi another day to
get ya a persistent irc connection. Look at the following ticket and do
what I did...

  https://trac.torproject.org/projects/tor/ticket/17353

---------------------------------------------------------------------------
4. Request access to corporate SVN
---------------------------------------------------------------------------

We use an access restricted Subversion server for sensitive documents
you'll need access to. To get it run the following...

  % htdigest -c passwd.corp "Tor Project Corporate SVN" [username you want]
  % htdigest -c passwd.internal "Tor Project Internal SVN" [username you want]

... and send the content of those two files to Nick in a pgp signed email.

---------------------------------------------------------------------------
Follow-up tasks...
---------------------------------------------------------------------------

1a. Swap email to Riseup.

1b. Send me and Roger a notice saying what your new address is. We'll update
    your email list subscriptions.

2. When you have an ldap account lets meet again to get Irssi going. That'll
   give you a much better irc setup.

3. Nick suggests the following: confirm you have disk encryption enabled,
   find a password manager you like, and make sure you have backups (such
   as OSX's Time Machine).